
kickass69
join:2002-06-03
Lake Hopatcong, NJ

kickass69 to Mele20

Member

to Mele20

Re: Check Your Browser's Encryption Preferences

Question remains why isn't TLS 1.2 in Firefox and why isn't that the standard by now for TLS?

therube
join:2004-11-11
Randallstown, MD

therube

Member

> Question remains why isn't TLS 1.2 in Firefox

»Re: Check Your Browser's Encryption Preferences
evoxllx
join:2007-06-07
Winter Park, FL

1 edit

evoxllx to kickass69

Member

to kickass69
said by kickass69:

Question remains why isn't TLS 1.2 in Firefox and why isn't that the standard by now for TLS?

Firefox and Chrome should be getting it soon, since patches for it have been sent up to NSS.

The main reason it hasn't been widely adopted is due to broken network devices and broken servers. Many broken devices and servers freak out and start dropping TCP connections if they see a higher version of TLS than 1.0.

This is exactly the reason why TLS 1.1 and 1.2 are supported by Opera and IE (SChannel), but are disabled by default.

Safari (iOS 5+) added support for TLS 1.2 (enabled by default), and it triggered a lot of problems due to those broken devices and servers.

I think it's time to disregard these broken devices and servers, much like everyone did for the 1/n-1 record splitting BEAST fix, which broke compatibility with a number of buggy servers.
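The version intolerance described in the post above, shown next to spec-compliant negotiation. This is an added example, not part of the thread or any browser's or server's code; the function names are hypothetical and the ClientHello is a constructed, truncated prefix (no session ID, cipher suites or extensions).

```python
import struct

# Constructed sample data; wire versions are (major, minor) byte pairs.
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)

def client_hello_prefix(client_version, record_version=TLS10):
    """Build the start of a ClientHello: record header, handshake header,
    client_version and a zeroed 32-byte random (rest of the message omitted)."""
    body = bytes(client_version) + bytes(32)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return (b"\x16" + bytes(record_version)
            + struct.pack("!H", len(handshake)) + handshake)

def parse_client_version(data):
    """Return the (major, minor) version the client offers."""
    if len(data) < 11 or data[0] != 0x16:   # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    if data[5] != 0x01:                     # 0x01 = ClientHello
        raise ValueError("not a ClientHello")
    return (data[9], data[10])              # client_version follows the headers

def tolerant_server(data, server_max=TLS10):
    """Correct behaviour: reply with the highest version both sides support."""
    offered = parse_client_version(data)
    return min(offered, server_max)

def intolerant_server(data, server_max=TLS10):
    """Broken behaviour: an unknown higher version is treated as an error.
    Returning None models the dropped TCP connection."""
    offered = parse_client_version(data)
    if offered > server_max:
        return None
    return offered

if __name__ == "__main__":
    for version in (TLS10, TLS11, TLS12):
        hello = client_hello_prefix(version)
        print(version, "tolerant:", tolerant_server(hello),
              "intolerant:", intolerant_server(hello))
```

A TLS 1.0-only server that negotiates correctly still completes the handshake with a TLS 1.2 client; only the intolerant one fails, which is why clients kept the newer versions disabled by default.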
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

Why would Fx be getting TLS 1.2 "soon" when it doesn't even have TLS 1.1?

norwegian
Premium Member
join:2005-02-15
Outback

norwegian

Premium Member

evoxllx's mention of TLS 1.0 and web pages is quite relevant, since all the uproar over the inherent weaknesses discovered, not many sites will work on anything more than ver 1.0 still.
If the browsers and web pages at large fix this, then I think it a positive jump forward, be that next week or next quarter.
evoxllx
join:2007-06-07
Winter Park, FL

1 edit

evoxllx to Mele20

Member

to Mele20
said by Mele20:

Why would Fx be getting TLS 1.2 "soon" when it doesn't even have TLS 1.1?

Firefox is always slow to enable new crypto features and fixes. They were actually the *last* browser to patch against the BEAST attack, with the exception of Safari, which never patched it at all.

The major security benefit of TLS 1.1, the explicit CBC IVs, was retrofitted to previous versions in the form of 1/n-1 record splitting.

The major point for TLS 1.2 right now is AES-GCM, since that will allow people to get away from both RC4 and CBC mode ciphers.
said by norwegian:

evoxllx's mention of TLS 1.0 and web pages is quite relevant, since all the uproar over the inherent weaknesses discovered, not many sites will work on anything more than ver 1.0 still.
If the browsers and web pages at large fix this, then I think it a positive jump forward, be that next week or next quarter.

TLS 1.1-1.2 support is on the rise for servers; it can be seen on sslpulse.

»www.trustworthyinternet. ··· l-pulse/

Over 22,000 sites support TLS 1.2 now, many big sites as well.